Here’s how the ‘BT Broadband Security’ scam works – a victim’s narrative

The main reason why there has been no recent activity on For Argyll is because the editor became the victim of a very sophisticated and very plausible ‘phishing’ scam that appears to be doing the rounds.

One consequence is that the normal newsroom system is now toxic and a replacement had to be set up – but all the files and emails are in the quarantined system. So heartfelt apologies for the absence of stories that ought to have appeared; and to those whose emails have gone unanswered – and will remain unanswered until they can be made safely accessible.

We hope it will be generally helpful to have a first hand account of how this scam was perpetrated. Here it is.

The ‘BT Broadband Security’ scam

I was phoned at about 9.45 by someone who said that they were from BT Broadband and their call was in connection with the new fast broadband supply to my area.

What made this immediately plausible was that BT Openreach engineers have been in the village of Furnace, where I live, for some days – installing fibre broadband.

Phase 1 – of what became a two and a half hour phone procedure

This caller – ‘David’ – was Scammer No 1 in a sequence of three. He spoke with an Indian accent. He first asked if I had noticed that my internet speeds had been low lately. I had indeed – but had not complained because I knew the BT Openreach engineers were at work locally and put it down to system upheavals. ‘David’ said that the speed reduction was because of the extent of fraudulent use of my IP address.

My bank’s Fraud Team say that the scammers may well have caused my internet speeds to drop, in preparation for the call – to add to their apparent authenticity.

‘David’s’ pitch was that in checking out the local users of the service during the process of this installation, BT had discovered some serious anomalies in my IP address. It had been ‘used many times from foreign addresses’; and that, in getting the new system ready to operate properly, they wanted to help me sort out my internet security issues.

The first thing ‘David’ got me to do was to download an application – join.me – that would help them to help me. I did it [and no one should ever do this sort of thing].

I got an immediate message saying that my screen was being shared.

This was a matter of potential alarm and I immediately said: ‘Hang on. You haven’t told me who my screen is being shared with. This could be an almighty scam. How do I know you’re from BT?’ This may sound intelligent – but I meant it only theoretically. I had already accepted the call as authentic – because of the local presence of BT Openreach engineers – and saw ‘David’ simply as ignorant in the proper informing of customers.

His response was that there was no cause for alarm; that my screen was being shared only with the BT team to allow them to talk me through some actions to get my internet security repaired; and that I would be getting an email from his boss, Alex Ebrahim.

That email duly arrived from a btinternet.com address and with the BT logo at the foot. It was little more than a point of contact and, since I had already assumed that the call was genuine, I did not even see it, or need it, as a validation device.

Next came some incoherent technical guff about Ofcom checking the BT installation and that if it did not meet the stellar speeds he said I should expect and had to be changed, it would all be done by an engineer and would not cost me anything.

This made no sense – I put the incoherence down to English not being the ‘operative’s’ first language. I did ask some clarifying questions which confused him greatly and he quickly put me through to ‘a technician’.

This was Phase 2 – but note that the purpose of Phase 1 had been achieved – the door had been opened for the scamming team to exploit.

As soon as I had downloaded join.me and ‘shared’ my screen, they could see the full details of everything I opened under their long series of instructions.

Phase 2

Scammer 2 – the ‘technician’ – was called ‘Ron Spencer’. He was English, speaking with a generic English voice, no specific regional accent. He was relaxed, knowledgeable, lucid, methodical and had an easy going persona that rang no alarm bells whatsoever.

He explained that his job was to talk me through the processes which would identify the weaknesses in my internet security, so that they could help me to secure my IP address and my other online activities which their [‘BT’] checks had found to be compromised.

Because the focus was on my IP address, I did not question why it was any of BT’s business whether my personal internet security was good or horrendous. I just got on with doing what I was asked to do.

‘Ron’ wanted me to check my main online shopping accounts. They would have been seeing every account screen I opened on the major suppliers I and most people use for online shopping.

Then he wanted me to check on the security of my digital banking.

When I said that I had had an earlier problem [not security related] with my digital banking and had not reapplied for the service, he said not to worry, he would talk me through that.

He actually talked me through a re-registration process for online banking – during which the scammers would have seen me enter – and access – a lot of immediately useful personal and financial details.

This included the new Customer Number the bank allocated to me during the re-registration.

He knew a lot more than I did about that digital banking system – including the fact that the Card Reader you apply for to assist your use of digital banking to pay bills online is simply a device capable of accepting any card – and is not tied to a specific account.

The point of this was that it was then possible for me, under instruction, to use my partner’s Card Reader and put my card in it, validating that with the new Customer Number I had been given – and they had seen.

Then it was time for me to call up my account summary – which, since we have a separate joint account for household expenses, allows any of us to see all of the individual accounts held by each named individual on that joint account. [This is a separate issue of concern to me about my bank’s normal procedure and one I had recently become aware of for other reasons.]

At this point, the scammers could see my account summary list, with the sort codes, account numbers, account types and account balances of each member of my household.

I was asked to check out my own account to see if there had been any unauthorised spending in the past month. I carefully checked each item – unwittingly giving them plenty of time to see all of the detail.

The need to explain – which is in my nature as well as part of what I now do – led to me helpfully explaining why there were several accounts listed; and that at this point I would need to get my sister to come and check the activities on her personal account – which I then did. There was nothing strange that either she or I could detect on any account.

The pace of progress through the matters I was instructed to check was slow and measured. Now I realise that, once the door had been opened and the key information exposed, this pace was designed to allow the scam team to get busy at once – while the long call proceeded.

The snail’s pace was clearly [and successfully] designed to keep me occupied and leave me unfree to start making any premature enquiries I might suddenly have been minded to make.

I know now that some of the four attempts to take money from our accounts were made during the call.

Eventually, after ‘Ron’ had talked me through everything he wanted to ‘help’ me check out, he said he was now passing me on to his supervisor, Alex Ebrahim, from whom I would already have had an email and who would talk me through the last technical procedures to secure my online activities.

I had been so impressed with ‘Ron’s’ knowledge, patience and forensic thoroughness that I asked him how I should go about registering officially my positive rating of his conduct of the procedure. [It’s my habit to do this for Customer Service staff who are first class at their job and who can be underrated in what is a very important connection.]

‘Ron’ seemed surprised – and rather amused somehow. I put this down to embarrassment at praise – now I understand how hilariously ironic my response will have been to him.

He put me through to ‘Alex’ with his own warm thanks for my assistance – a second irony only recognisable after the event.

Phase 3

On to Scammer 3 – ‘Alex Ebrahim’ – an Indian voice, much less coherent and focused than was ‘Ron’, the key class act of middle-man in the operation.

‘Alex’ was to take me through the technical process of identifying and trying to correct the claimed multiple breaches of my online security.

His real job was to take up more of my time, allowing the scam team to make the subtractions from the accounts of which they now knew so much; and to keep me occupied until they had done so.

His job may also have been to cream off some more money in a secondary scam.

He directed me to open an online application from ‘MacPaw’ called ‘CleanMyMac 3’; to choose the free download version; and to set to to scan my system for mischievous invasions.

First, its scan returned a horrifyingly long list of red headlined ‘errors – and then ‘.

Then it began to search categories of these errors – at which point it declared that it had failed and could not complete the scan.

Alex said not to worry, just to try it again. This, of course, kept me tied down for longer and not thinking beyond the immediate task to be done.

CleanMyMac 3 failed at the same stage for a second time.

‘Alex’ then said he recommended buying the full version as it was important to get my compromised system cleaned. He told me how to get back to the page offering the choice of the free download or the full version.

The full version required licences to be bought for the number of computers in a household. We have four, one a seldom used older desktop machine. ‘Alex’ helpfully suggested that for three laptops a licence for two would do [at over £54] since the third machine could try the free download [which had already failed me].

I bought this licence – and paid for it with PayPal. In this particular circumstance using PayPal now seems laughable; I prefer it, where it is a payment option, because it seems a more secure system than is serially entrusting the details of your debit/credit card to sources of unknown integrity.

The later PayPal notification of the request for payment was to a company called ‘Fastspring’.

After displaying three new ‘errors’ – of which ‘Alex’ happened to enquire if any were described as ‘fatal errors’ [one – of course – was], the full licensed version of CleanMyMac 3 also failed to function.

‘Alex’ eventually seemed to lose interest in the need to be sure my system was securely cleaned. He declared that by then they knew enough to be certain that they’d got everything properly repaired.

Then he ended his sign out by saying that the BT system was now finalising the clean up and that I should not use the computer for 45 minutes – giving me a phone number [bogus] to call him or ‘Ron’ at that point, if my system was not behaving normally.

By this time I had been on the phone for over two and a half hours and felt pretty demob happy.

Postscript

My sister immediately put some stern perspectives on my lack of suspicion – all of which suddenly seemed painfully obvious and added up to a pretty dreadful scenario.

I got on to BT Openreach – who heartsinkingly confirmed they had no employees called ‘Alex Ebrahim’ or ‘Ron Spencer’; and volunteered that the company had made no phone call to my home number for at least a month.

I got on to my bank’s Customer Services department and then to its Fraud Team.

I was very lucky – undeservedly lucky – that the bank’s own security system had identified as ‘unusual activity’ the requests for payment that had been made to each of four separate accounts – and had blocked payment.

I was also lucky that although I had recognised the scam too late – I had done so quickly enough to confirm the bank’s concerns in time.

These payment requests were then rejected and the Fraud Team put the matter in the hands of the law enforcement authorities – whatever they can do about it.

Our accounts have been put beyond compromise. My debit card has been cancelled and its PIN number access killed – at my request because I had a horrid memory of having typed it into something [on my shared screen] during that interminable ‘procedure’.

I have been removed from online banking for the time being – but may reapply when my new card arrives. Until then I can get money only in person at my bank branch.

The Fraud Team will talk to PayPal and even that amount may be recoverable.

I have changed my online shopping usernames and passwords. I am arranging for my compromised laptop to be professionally cleaned and cannot use it until that has been done. I am using a light Mac I had recently got for travelling; have recovered my access to For Argyll’s ‘back office’ on it; and have set up an online email account.

This means that I can function within the limits of having access to no records of any kind for the time being.

The consequences of being suckered in to this sort of fraud tend to run on.

I am embarrassed by my stupidity. Rather than mask it or excuse it, it seems more useful to be open about the extent of that stupidity – and the reasons for it – as a contribution to greater awareness of how these thieves work; and of how well prepared, how strategic and how painstaking such scams can be.

This is not a full account but I have spared no detail of my own gullibility in this particular scam.

Quite a remarkable coincidence that the sub-continental cowboys timed their raid when they did – or was it?
Had they perhaps gained access to BT Openreach’s engineering work schedules – far more detail than we the customers would be privy to – to know in which communities they would be afforded extra credibility?
Or, worse still, have BT’s offshore operations in India been compromised on the inside? This isn’t exactly unknown for UK companies who set up call centres in India to cut costs, to the sometimes severe financial disadvantage of their customers.
And if I sound unduly cynical about BT, turn to p38 in tomorrow’s Private Eye.

Even allowing for all the hassle that has entailed, you were fortunate in that the bank’s security systems worked. We always groan when they stop a payment and we have to contact them and convince them that it is OK, but we should appreciate that their check is all that stands between us and scammers like these.

I’m glad you escaped unscathed (financially at least) and that you shared your experience. I’m sure it will help others to avoid these creeps.

I too have been targeted – on two occasions. I too escaped financial loss, but not, as in your case, by using my intelligence. My saviour was my own bumbling ineptitude – I couldn’t follow the instructions of the scammers, however hard I tried, and, frustrated and exasperated they gave up on me after wasting several hours. I almost feel sorry for them!

In any case, they wouldn’t have gained anything because I don’t do banking by computer. Writing a cheque is about my limit of fiscal manipulation. So I guess the moral of my story is that there is merit in being dumb, keyboard clumsy, and computer illiterate.

Newsroom. Very interesting and I would suspect there are quite a number of others out there who have had the same or similar experience as you. This type of fraud, theft or whatever you wish to call it will continue as the Banks are determined to introduce ‘internet banking’ and be rid of paper statements. I’m presuming you are reasonably young and have much more concern for the more aged folk (like me) who are not so computer savvy. Thanks for your honesty.

Much the same thing happened to me earlier this year, and boy did I — an experienced computer user — feel foolish. Fortunately the much maligned RBS fully refunded me for the money taken. The message to all is never give/show bank details.

People worry about giving bank account details (i.e. account number) online because it is not safe but they will give or post a cheque to a complete stranger, and what is printed on the bottom of the cheque?

Surely, however, the alarm bells should have been ringing at the very fact BT phoned you to help! Everyone knows their customer support/services are shocking when a member of the public phones them (BT) so there is no way they would be phoning members of the public to help! 🙂

Lynda, I’d like to add myself to those thanking you for this honest and informative account, which could save many others getting into trouble. The scammers are clearly very plausible and it is very easy to take one wrong step and ‘reveal all’. Personally I have nothing to do with internet banking, even if that makes me a fogey!

I’m glad it wasn’t as bad as it could have been. Never, but never, do anything in regard of banking or passwords that a stranger on the phone asks you to do. Repeat – never.
No utility company or Bank do anything proactive to help customers. It’s always a scam. I’ve worked in a Bank: support teams will never call customers and ask them to do anything like this.

Also be very careful if they tell you to put the phone down then call them back, they could hold the line open – this is said to have been fixed on BT by reducing the time that the connection is held but I would still be very careful.

I have been targeted at least 3 times by this type of scam. Usually I just put the phone down straight away but once when I had a free day I strung them on for an hour or so. Strangely satisfying knowing that while they were talking to me they couldn’t be a danger to others! Well done for writing this article, the more people who know about these scams the better.

I think it’s very courageous of you, Lynda, to give us all these details. And I hope everyone takes note.

Having been engaged in a three year battle with BT, I’ve had a load of email scams (and yes, the shown email address is name@bt.com) – these I forward every time to BT as they’re fraudulent but only had one around the time Tobermory was due to get “fibre” broadband. I expected a call from BT because I’d been complaining long and loud about our Internet connection and could back it up with over a year’s worth of daily speed tests and emails from BT, but they rang at the wrong time. I phoned BT later that day and, sure enough, we could get connected. If I’d waited till whoever the caller was came back, I could well have been taken in, though, thankfully, I refuse to use Internet banking.

Aside from the police, your bank, etc., have you thought about alerting, or ensuring that the police alert, neighbourhood watch groups? Now Police Scotland has established Rural Neighbourhood Watch schemes, it might be well worth asking.

As someone who works in IT just please be aware
(1) BT and Openreach NEVER call you about problems, even those of us in the industry can only get BT on the phone regarding internet service provision.
(2) BT and Microsoft do not call people and “proxy” onto their computer other than very big companies with service contracts and these are usually through third party value added network suppliers.
(3) Never let anyone install proxy software on your computer, unless you work for a big company and they supply you with it so that their tech support can help you at home.
(4) Any genuine telephone tech support would never have you on the telephone for two and a half hours, they would be sacked for the long handle time! No genuine tech support will ever ask for your IP, password or financial details, the IP is irrelevant, it is dynamic and changes for most users with every use of the net, if you do business with an organisation they know your payment means already and don’t need your password.
(5) As someone else wrote be careful doing a call back – the scam artists can keep the line open and make it sound like you called them. Look up a customer service number on the organisation’s website or from a bill, if necessary call another number first to make sure the line is clear.

Unfortunately networked technology has given bad people yet another way to try to part trusting people and their money.

Well done for sharing and for the detailed account. All the advice given is of course correct – but you knew it already, as do we all! Eternal vigilance is not easy to maintain, how often one escapes by a whisper. Thank you.

Seems that they are still active in the area. I have just had a call from an Asian caller who purported to be from Open Reach stating that there had been a request to cut off my internet connection and what did I say to that.

I replied that it was a load of crap and that he was clearly a scammer.

I was receiving masses of these calls sometimes up to three in the same day, despite giving different responses. Telling them to eff off, explaining that I had never been a BT customer and never would be, and so on.

Eventually I lost patience with them (if you have caller display on your phone and happen to see the display as the call starts you will see International Call flash up, quickly replaced by 02075676666 number or similar). The next time I saw that number I answered the phone with “Scottish Police, Inspector Jack Frost Denton CID, thank you for calling, we’ve been waiting for your call….” They rang off immediately and we’ve now had three weeks without receiving another call from them. It may be coincidence, but it does seem to have done the trick.

It certainly is very odd for a commercial site to close down in this manner, giving no explanation and leaving the ignition running as it were.

I am still puzzled as to why there has been no Troll activity at all on this thread as far as I can see. Have they succeeded in their aim of closing the site down? If some kind of legal gag has been applied, it must be some gag.

Men in dark coats and glasses, shutting down the free media who dare question the Dear Leader and her Apparatchiks. Zero tolerance of those “not on message”. A poor day for democracy and free speech if it is a gag. Is this a foretaste of an independent Scotland?

In reply to A.Salmon, by coincidence, in one of FA’s last police reports from Lochgilphead the police were looking for the owner of a property where a lecky by-pass device was found.

Seriously though, did the Supreme Court say this as reported?

“”It is worth noting that in its judgment the Supreme Court said:
‘“The first thing that a totalitarian regime tries to do is to get to the children, to distance them from the subversive, varied influences of their families, and indoctrinate them in their rulers’ view of the world. Within limits, families must be left to bring up their children in their own way.’
NEWSROOM, July 28, 2016 10:39 am””

Personally I have ruled out an alien abduction but on the other hand….

Seriously, right on cue a Troll is ordered to break cover! Are we nearer the truth than we might like to believe? In my opinion nothing connected to the SNP happens without the sayso of SNP Central. Are we living in a more totalitarian society than any of us dared think?

The state of suspended animation of For Argyll seems very strange. If the management decided to pull the plug would they not have pulled the plug completely and left us with blank screens?

Sorry to piss on your parade but I’m not associated with the snpee. They are not radical enough on land reform for me.
As for the rest of your post, you need help, and quickly. Paranoiac, narcissistic, and downright stupid, all in one post.

The 1st Minister will have her plug pulled by the end of the year. The “national conversation” so mentioned, is nae but a fart in a gale, “a combination of bluster and bluff” if I remember the failed sad wee ecks sound bite correctly. Come on Nippy call another vote so we can watch you disappear over yonder brae once and for all.

Just found this thread. When they tried it on me I immediately contacted BT and they were totally apathetic. They simply didn’t want to know and didn’t care a jot. So I then contacted the Fraud Squad in London. Very impressive. These guys are PROACTIVE – they agree with me that we should chase these bastards and punish them, not just sit back and suffer in silence. But they need INFORMATION from the public to do this. So, PLEASE, even though it’s a bit of a bother, do get in touch and REPORT what has happened to you in as much detail as possible. It’s the only way we will ever stand a chance of nailing the sods.

There is not a lot to report except that you have had a call from an unknown person who either had his number withheld, displayed a false number or was International and of course he did not give his true name.

The authorities need proactive call centres with access to forensic call tracing facilities to try and identify the caller but even then, if it is a foreign caller, there is little they can do.